Researcher bricks Mac batteries with new hack

The bizarre hack could lead to Mac and PC viruses spread via the battery's firmware

A well-known Apple security researcher has revealed he can hack into Mac batteries.

Charlie Miller - known for taking down Macs in the yearly Pwn2Own competition - told Forbes he'll show the Black Hat conference next month how to take over a Mac battery.

Batteries have chips to control power levels, charging and overheating, and those chips have default passwords for protection. If an attacker hacked that password, and figured out the firmware - Miller had to reverse engineer it - he could take over the battery.

That would allow the attacker to brick the battery - Miller bricked seven in his research - or install malware, which could be used to overheat it. While that could possibly lead to fires, the researcher didn't push the hack that far, and other safeguards in the batteries could prevent that scenario.

“These batteries just aren’t designed with the idea that people will mess with them,” Miller told Forbes. “What I’m showing is that it’s possible to use them to do something really bad.”

While that seems a lot of effort to burn a Mac user, the hack could also be used to hide malware. When the machine is wiped clean, the malware infection will stay hidden in place in the battery, ready to re-infect.

“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over," Miller said. "There would be no way to eradicate or detect it other than removing the battery.”

PCs could be targeted too

While Miller's work only targeted Apple computers - as that's where his research focuses - the hack could also be used on other PCs, noted Sophos security researcher Paul Ducklin.

"So, are Apple laptop batteries the new attack vector?" he asked on the Sophos blog, saying it's no more likely than "any other hardware in your system with field-updatable firmware".

Join our site to get stuck in with comments and discussions with other passionate readers and tech fans,
and stay up to date with the latest news and reviews through our range of newsletters.

Email*

* Email address required

* Invalid Email address

I have read and accept the privacy policy and
terms and conditions and by submitting my email address
I agree to receive the PC & Tech Authority daily newsletter and receive special offers on behalf of PC & Tech Authority, nextmedia and its valued partners.
We will not share your details with third parties.

Please check your email

A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.

If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @pcauthority.com.au to your white-listed senders.